ISP Config and contao

Discussion in 'General' started by Arianna, Mar 9, 2016.

  1. Arianna

    Arianna Member

    Hi,

    did anyone ever install contao with ISP config?
    A use asked me to import from an external host a site developed with contao, but I have problems with directory permissions.

    Fatal error: Uncaught exception Exception with message Cannot create file "system/scripts/a3c8a7a772d0.css" thrown in /home/client30/web43/web/system/libraries/File.php on line 110

    Warning: fopen(/home/client30/web43/web/system/tmp/3232199a741c34694ad6d1e6587a474e): failed to open stream: Permission denied in /home/client30/web43/web/system/libraries/FTP.php on line 160

    Any suggestions?
    Cheers,
    A.
     
  2. ztk.me

    ztk.me Well-Known Member HowtoForge Supporter

    Change the PHP-Method for that website from mod_php to either FastCGI or better PHP-FPM to make PHP run as the given webuser/group.

    Since mod_php is running all php files as the same user www-data which is kinda obsolete / insecure they can't write to files not owned by www-data. So either make the system/scripts folder world writeable or change the execution method for php as explained above since those will run PHP as the corresponding user/group.
    FastCGI however will spawn one process for every request and is considered slower than having a pool handling requests sharing one opcode cache.
     
  3. Arianna

    Arianna Member

    The php method is already PHP-FPM
    web43 22376 22353 0 Mar08 ? 00:00:00 php-fpm: pool web43
    web43 22377 22353 0 Mar08 ? 00:00:00 php-fpm: pool web43

    I also tried changing the gropu owner of the system directory to apache, with no results as it cannot write. Have I to open group writing?

    :(
    A.
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Sure, I know several web design agencies that are specialised on contao that use ispconfig for their servers.

    This opens a security hole and prevents cms from writng files, so it is important to undo that first.

    Back to your original problem, the folder permission that ispconfig creates for the sites are correct by default, so there are no changes required. Just ensure that the following conditions are met:

    1) PHP mode has to be php-fpm or php-fcgi.
    2) The suexec checkbox has to be enabled.
    3) All files and folders that you upload into the "web" folder of the website have to be owned by the web[ID] user and client[id] group of this website. so when you uploaded contao as root or you uploaded it as a targ.gz file and then unpacked it as root, then you will have to chown the files and folders to the correct user. If you upload them by ftp or use the ssh user of that site to upload or unpack then from an archive, then all permissions are correct by default and no chown is required.
     
  5. Arianna

    Arianna Member

    All the 3 requirements are met.
    Now that the web dir has client[id] as group owner errors increased (all involve system dir).
    Note: my home dirs aren't under /var/www but are nfs mounted under /home.

    Warning: scandir(/home/client30/web43/web/system/modules/): failed to open dir: Permission denied in /home/client30/web43/web/system/functions.php on line 274
    #0 [internal function]: __error(2, 'scandir(/home/c...', '/home/client30/...', 274, Array)
    #1 /home/client30/web43/web/system/functions.php(274): scandir('/home/client30/...')
    #2 /home/client30/web43/web/system/libraries/Config.php(288): scan('/home/client30/...')
    #3 /home/client30/web43/web/system/libraries/Config.php(149): Config->getActiveModules()
    #4 /home/client30/web43/web/system/libraries/Config.php(125): Config->initialize()
    #5 /home/client30/web43/web/system/initialize.php(74): Config::getInstance()
    #6 /home/client30/web43/web/index.php(36): require('/home/client30/...')
    #7 {main}


    Warning: scandir(): (errno 13): Permission denied in /home/client30/web43/web/system/functions.php on line 274
    #0 [internal function]: __error(2, 'scandir(): (err...', '/home/client30/...', 274, Array)
    #1 /home/client30/web43/web/system/functions.php(274): scandir('/home/client30/...')
    #2 /home/client30/web43/web/system/libraries/Config.php(288): scan('/home/client30/...')
    #3 /home/client30/web43/web/system/libraries/Config.php(149): Config->getActiveModules()
    #4 /home/client30/web43/web/system/libraries/Config.php(125): Config->initialize()
    #5 /home/client30/web43/web/system/initialize.php(74): Config::getInstance()
    #6 /home/client30/web43/web/index.php(36): require('/home/client30/...')
    #7 {main}


    Warning: Invalid argument supplied for foreach() in /home/client30/web43/web/system/functions.php on line 274
    #0 /home/client30/web43/web/system/functions.php(274): __error(2, 'Invalid argumen...', '/home/client30/...', 274, Array)
    #1 /home/client30/web43/web/system/libraries/Config.php(288): scan('/home/client30/...')
    #2 /home/client30/web43/web/system/libraries/Config.php(149): Config->getActiveModules()
    #3 /home/client30/web43/web/system/libraries/Config.php(125): Config->initialize()
    #4 /home/client30/web43/web/system/initialize.php(74): Config::getInstance()
    #5 /home/client30/web43/web/index.php(36): require('/home/client30/...')
    #6 {main}


    Warning: fopen(/home/client30/web43/web/system/tmp/32d85161e08180e623107a346e5a8f22): failed to open stream: Permission denied in /home/client30/web43/web/system/libraries/FTP.php on line 160
    #0 [internal function]: __error(2, 'fopen(/home/cli...', '/home/client30/...', 160, Array)
    #1 /home/client30/web43/web/system/libraries/FTP.php(160): fopen('/home/client30/...', 'wb')
    #2 /home/client30/web43/web/system/libraries/File.php(108): FTP->fopen('system/scripts/...', 'wb')
    #3 /home/client30/web43/web/system/libraries/Combiner.php(158): File->__construct('system/scripts/...')
    #4 /home/client30/web43/web/system/modules/frontend/PageRegular.php(446): Combiner->getCombinedFile()
    #5 /home/client30/web43/web/system/modules/frontend/PageRegular.php(150): PageRegular->createHeaderScripts(Object(DB_Mysql_Result), Object(DB_Mysql_Result))
    #6 /home/client30/web43/web/system/modules/frontend/PageError404.php(101): PageRegular->generate(Object(DB_Mysql_Result))
    #7 /home/client30/web43/web/index.php(94): PageError404->generate(false)
    #8 /home/client30/web43/web/index.php(401): Index->run()
    #9 {main}


    Fatal error: Uncaught exception Exception with message Cannot create file "system/scripts/a3c8a7a772d0.css" thrown in /home/client30/web43/web/system/libraries/File.php on line 110
    #0 /home/client30/web43/web/system/libraries/Combiner.php(158): File->__construct('system/scripts/...')
    #1 /home/client30/web43/web/system/modules/frontend/PageRegular.php(446): Combiner->getCombinedFile()
    #2 /home/client30/web43/web/system/modules/frontend/PageRegular.php(150): PageRegular->createHeaderScripts(Object(DB_Mysql_Result), Object(DB_Mysql_Result))
    #3 /home/client30/web43/web/system/modules/frontend/PageError404.php(101): PageRegular->generate(Object(DB_Mysql_Result))
    #4 /home/client30/web43/web/index.php(94): PageError404->generate(false)
    #5 /home/client30/web43/web/index.php(401): Index->run()
    #6 {main}
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    This will not work as the Linux apache suexec binary has the default website path of the Linux distribution (/var/www) compiled in for security reasons. Mounting the folders as nfs is not a problem, but you have to mount them into the system website directory (/var/www on Debian, Ubuntu and CentOS) or /srv/www on OpenSuSE), that's why the ispconfig install instructions and defaults use /var/www and not /home/www.

    Beside that, check that all packages that are mentioned in the apache install chapter of the perfect server guide are installed and enabled, especially suexec is important for your problem.

    You can also try to switch from php-fpm to php-fcgi, wait a minute and test again. But php-fpm seems to work, so it is not that likely that the problem is there.

     
  7. Arianna

    Arianna Member

    ok. I have to move the mount point and reconfigure isp config.
    I'll let you know.

    Thanx,
    A.
     
  8. Arianna

    Arianna Member

    ok. I reconfigured ISPConfig and monted home directories under /var/www/clients (is the default dir, isn't it?).
    Nothing changed.
    Warning: scandir(/var/www/clients/client30/web46/web/system/modules/): failed to open dir: Permission denied in /var/www/clients/client30/web46/web/system/functions.php on line 274
    #0 [internal function]: __error(2, 'scandir(/var/ww...', '/var/www/client...', 274, Array)
    #1 /var/www/clients/client30/web46/web/system/functions.php(274): scandir('/var/www/client...')
    #2 /var/www/clients/client30/web46/web/system/libraries/Config.php(288): scan('/var/www/client...')
    #3 /var/www/clients/client30/web46/web/system/libraries/Config.php(149): Config->getActiveModules()
    #4 /var/www/clients/client30/web46/web/system/libraries/Config.php(125): Config->initialize()
    #5 /var/www/clients/client30/web46/web/system/initialize.php(74): Config::getInstance()
    #6 /var/www/clients/client30/web46/web/index.php(36): require('/var/www/client...')
    #7 {main}

    ... and so on.

    :(
    A.
     
  9. ztk.me

    ztk.me Well-Known Member HowtoForge Supporter

    The filesystem structure looks alright, so I guess your mount points are correct.
    Are the user/groups shown as they supposed to be? like does your web/system/modules folder ( and others below your web dir ) belong to client30:web46 ?
    Maybe @till knows if you would need to tick System > Server configuration > Web @ Network-filesystem

    Is php running using mod_php, fastcgi or fpm now?
     
  10. Arianna

    Arianna Member

    All the web dir (except stats) is owned by web36:client30.
    php is running in php-fpm mode
    web46 18693 18667 0 13:13 ? 00:00:00 php-fpm: pool web46
    web46 18694 18667 0 13:13 ? 00:00:00 php-fpm: pool web46
    and System > Server configuration > Web @ Network-filesystem is checked.

    NOTE: it isn't a fresh install. I copied the old home directory from the server where was running (without isp) and changed file ownership, and the db is imported.... could be this the problem?


    getting mad......
    A.
     
  11. ztk.me

    ztk.me Well-Known Member HowtoForge Supporter

    Strange, the only issue I currently can think of might be that the mounting options / remote system / mount point permissions are not set as expected.
    Where is your mount point in this case?
    What permissions does it have?
    Code:
    /var/ has www dir
    drwxr-xr-x  8 root  root  4.0K Mar  1 08:19 www
    /var/www/ has clients dir
    drwxr-xr-x  4 root    root    4.0K Feb 23 15:40 clients
    /var/www/clients/ has client1 dir
    drwxr-xr-x 25 root root 4.0K Mar  1 08:19 client1
    /var/www/clients/client1/ has web2 dir
    drwxr-xr-x  9 root  root    4.0K Feb 23 08:55 web2
    /var/www/clients/client1/web2 has web dir
    drwx--x--x 12 web2 client1 4.0K Feb 24 04:00 web
    
    Another thing could be active selinux/apparmor rules disableing write permissions to network shares?!
     
  12. till

    till Super Moderator Staff Member ISPConfig Developer

    This can be a problem, yes.

    And not sure if its a typo, but you sa above that the files are owned by web36 and the php-fpm runs as web46?
     
  13. till

    till Super Moderator Staff Member ISPConfig Developer

    What you can further try is this:

    Go to System > Server config > web in ispconfig, there you find a checkbox "Set folder permissions on update", enable that checkbox.
    Then go to the website settings of this site in ispconfig, change a value (e.g. enable cgi) and press save. Then wait 1-2 minutes and check if it works now. ISPConfig does not touch folder permissions at all to allow custom settings, but when you enable this option, then ispconfig tries to set the permissions again on update so this might fix the wrong permissions.
     
  14. Arianna

    Arianna Member

    yes.. is a typo.... the user is web46.
    I will try a fresh install, but I don't know if contao has a export/import system as wordpress has.
    @ztk.me: share is mounted rw and on the same share wordpress can write, so it isn't a metter of selinux (no error in audit.log)
     
  15. till

    till Super Moderator Staff Member ISPConfig Developer

    You can copy over the contao installation from one server to another one, but only the part that is in the web / htdocs folder plus the database. Then you might want to do a search in the database and a recursive grep in the files if they contain the old path somewhere.
     
  16. ztk.me

    ztk.me Well-Known Member HowtoForge Supporter

    if wordpress on another host can write on its network share and the paths are correct for contao, then there has to be an issue with the folder permissions where the script wants to write to, don't see what else it could be in this case then.
     
  17. Arianna

    Arianna Member

    keep on working. I'll let you know.
    Thanks for the moment.
    :)
    A.
     
  18. Arianna

    Arianna Member

    ok, the fresh install works.
    Much ado about nothing.

    But I learned that with contao fresh install and the copy web/htdocs and db.

    ;)
    A.
     
    ztk.me likes this.

Share This Page